Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2011-1280
HistoryJun 16, 2011 - 8:55 p.m.

CVE-2011-1280

2011-06-1620:55:02
CWE-200
[email protected]
web.nvd.nist.gov
1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.7%

JSON

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka “XML External Entities Resolution Vulnerability.”

Affected configurations

NVD
Node
microsoftoffice_infopathMatch2007sp2
OR
microsoftoffice_infopathMatch2010x32
OR
microsoftoffice_infopathMatch2010x64
OR
microsoftsql_serverMatch2005sp3
OR
microsoftsql_serverMatch2005sp3express
OR
microsoftsql_serverMatch2005sp3express_advanced_services
OR
microsoftsql_serverMatch2005sp3itanium
OR
microsoftsql_serverMatch2005sp3x64
OR
microsoftsql_serverMatch2005sp4
OR
microsoftsql_serverMatch2005sp4express
OR
microsoftsql_serverMatch2005sp4express_advanced_services
OR
microsoftsql_serverMatch2005sp4itanium
OR
microsoftsql_serverMatch2005sp4x64
OR
microsoftsql_serverMatch2008r2itanium
OR
microsoftsql_serverMatch2008r2x64
OR
microsoftsql_serverMatch2008sp1itanium
OR
microsoftsql_serverMatch2008sp1x64
OR
microsoftsql_serverMatch2008sp2itanium
OR
microsoftsql_serverMatch2008sp2x32
OR
microsoftsql_serverMatch2008sp2x64
OR
microsoftsql_server_management_studio_expressMatch2005
OR
microsoftsql_server_management_studio_expressMatch2005x64
OR
microsoftvisual_studioMatch2005sp1
OR
microsoftvisual_studioMatch2008sp1
OR
microsoftvisual_studioMatch2010

Related

securityvulns 1
openvas 2
nessus 2
cve 1
cvelist 1
checkpoint_advisories 1
prion 1
mskb 1
symantec 1
seebug 1
securityvulns
securityvulns
Microsoft XML Editor information leakage
2011-06-15 00:00:00
openvas
openvas
Microsoft XML Editor Information Disclosure Vulnerability (2543893)
2011-06-21 00:00:00
Microsoft XML Editor Information Disclosure Vulnerability (2543893)
2011-06-21 00:00:00
nessus
nessus
MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) (uncredentialed check)
2014-03-10 00:00:00
MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
2011-06-15 00:00:00
cve
cve
CVE-2011-1280
2011-06-16 20:55:02
cvelist
cvelist
CVE-2011-1280
2011-06-16 20:21:00
checkpoint_advisories
checkpoint_advisories
Microsoft XML Editor Crafted Entity Information Disclosure (MS11-049; CVE-2011-1280)
2011-06-09 00:00:00
prion
prion
Xxe
2011-06-16 20:55:00
mskb
mskb
KB2543893 - MS11-049: Vulnerability in the Microsoft XML Editor could allow information disclosure: June 14, 2011
2011-06-14 00:00:00
symantec
symantec
Microsoft XML External Entities Resolution CVE-2011-1280 Information Disclosure Vulnerability
2011-06-14 00:00:00
seebug
seebug
Microsoft XML外部实体分解CVE-2011-1280信息泄露漏洞
2011-06-16 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.7%

JSON
Related for NVD:CVE-2011-1280
securityvulns1openvas2nessus2cve1cvelist1checkpoint_advisories1prion1mskb1symantec1seebug1